tl;dr
- Meta redirect to the attacker's website, using the HTML injection in the paaad.
- Leak the unique subdomain with a CSP violation.
- Another meta redirect CSRF with the leaked subdomain to make the note public.
tl;dr
headers.set
/?user=
to get XSS at /helloworld
/?user=<PAYLOAD>
and /helloworld
using cache poisoning or a bug in the regex (unintended)
tl;dr
/profile/ will not change the nonce
tl;dr
LOAD and S_TYPE opcodes lead to OOB when addr > DRAM_BASE+DRAM_SIZE